[PATCH] ath11k: enable IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS for WCN6855
Sven Eckelmann
sven at narfation.org
Fri Dec 3 06:09:30 PST 2021
On Monday, 29 November 2021 11:13:09 CET Wen Gong wrote:
> Currently mac80211 will send 3 scan requests for each scan of WCN6855,
> they are 2.4 GHz/5 GHz/6 GHz band scan. Firmware of WCN6855 will
> cache the RNR IE (Reduced Neighbor Report element) which exists in the
> beacon of 2.4 GHz/5 GHz of the AP which is co-located with 6 GHz,
> and then use the cache to scan in 6 GHz band scan if the 6 GHz scan
> is in the same scan with the 2.4 GHz/5 GHz band, this will be helpful to
> search more APs of 6 GHz. Also it will decrease the time cost of scan
> because firmware will use dual-band scan for the 2.4 GHz/5 GHz, it
> means the 2.4 GHz and 5 GHz scans are done simultaneously.
>
> Set the flag IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS for WCN6855 since
> it supports 2.4 GHz/5 GHz/6 GHz and it is a single pdev which means
> all the 2.4 GHz/5 GHz/6 GHz exist in the same wiphy/ieee80211_hw.
>
> Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-01720.1-QCAHSPSWPL_V1_V2_SILICONZ_LITE-1

I've tested this on ath-next on commit a93789ae541c ("ath11k: Avoid NULL ptr
access during mgmt tx cleanup") with a WCN6856 card (EmWicon/jjplus WMX7205)
with firmware WLAN.HSP.1.1-02892.1-QCAHSPSWPL_V1_V2_SILICONZ_LITE-1. ath-next
was required for me because 32 MSI vectors are not available on the
used system.

Without this patch, it works fine. With the patch, I just have to connect to an AP
via wpa_supplicant to crash the system. See the attached x86-64 .config, the
stacktrace and the decoded stacktrace.

Kind regards,
Sven
-------------- next part --------------
[ 51.095079] general protection fault, probably for non-canonical address 0x408210000b231a: 0000 [#1] PREEMPT SMP NOPTI
[ 51.105795] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.16.0-rc1+ #1
[ 51.112157] Hardware name: PC Engines APU/APU, BIOS 4.0 09/08/2014
[ 51.118339] RIP: 0010:skb_release_data (./include/linux/skbuff.h:1549 net/core/skbuff.c:669)
[ 51.123061] Code: 4d 85 ed 74 4b 41 8b 85 bc 00 00 00 49 03 85 c0 00 00 00 0f b6 10 f6 c2 01 74 35 48 8b 70 28 48 85 f6 74 2c 40 f6 c6 01 75 21 <48> 8b 06 ba 01 00 00 00 4c 89 ef 0f ae e8 ff d0 41 8b 85 bc 00 00
All code
========
0: 4d 85 ed test %r13,%r13
3: 74 4b je 0x50
5: 41 8b 85 bc 00 00 00 mov 0xbc(%r13),%eax
c: 49 03 85 c0 00 00 00 add 0xc0(%r13),%rax
13: 0f b6 10 movzbl (%rax),%edx
16: f6 c2 01 test $0x1,%dl
19: 74 35 je 0x50
1b: 48 8b 70 28 mov 0x28(%rax),%rsi
1f: 48 85 f6 test %rsi,%rsi
22: 74 2c je 0x50
24: 40 f6 c6 01 test $0x1,%sil
28: 75 21 jne 0x4b
2a:* 48 8b 06 mov (%rsi),%rax <-- trapping instruction
2d: ba 01 00 00 00 mov $0x1,%edx
32: 4c 89 ef mov %r13,%rdi
35: 0f ae e8 lfence
38: ff d0 callq *%rax
3a: 41 rex.B
3b: 8b .byte 0x8b
3c: 85 .byte 0x85
3d: bc .byte 0xbc
...
Code starting with the faulting instruction
===========================================
0: 48 8b 06 mov (%rsi),%rax
3: ba 01 00 00 00 mov $0x1,%edx
8: 4c 89 ef mov %r13,%rdi
b: 0f ae e8 lfence
e: ff d0 callq *%rax
10: 41 rex.B
11: 8b .byte 0x8b
12: 85 .byte 0x85
13: bc .byte 0xbc
...
[ 51.141815] RSP: 0018:ffffbec4c0003e30 EFLAGS: 00010246
[ 51.147049] RAX: ffff9a9d11a6c2c0 RBX: ffff9a9d08341a68 RCX: 0000000000000000
[ 51.154189] RDX: 0000000000000003 RSI: 00408210000b231a RDI: ffff9a9d01162900
[ 51.161323] RBP: ffff9a9d01162900 R08: 0000000000000212 R09: ffffffffb4ed24e8
[ 51.168465] R10: 0000000000000000 R11: 00000000dca23000 R12: ffff9a9d11a6c2c0
[ 51.175605] R13: ffff9a9d01162900 R14: ffff9a9d083435d8 R15: 0000000000000005
[ 51.182740] FS: 0000000000000000(0000) GS:ffff9a9d1ac00000(0000) knlGS:0000000000000000
[ 51.190832] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 51.196578] CR2: 000055b14ef3a778 CR3: 0000000108c6e000 CR4: 00000000000006f0
[ 51.203713] Call Trace:
[ 51.206170] <IRQ>
[ 51.208196] consume_skb (net/core/skbuff.c:757 net/core/skbuff.c:912 net/core/skbuff.c:906)
[ 51.211620] ath11k_ce_tx_process_cb+0x157/0x220 ath11k
[ 51.217177] ath11k_ce_per_engine_service (drivers/net/wireless/ath/ath11k/ce.c:437 drivers/net/wireless/ath/ath11k/ce.c:675) ath11k
[ 51.223130] ? _raw_spin_lock_irqsave (./arch/x86/include/asm/atomic.h:202 ./include/linux/atomic/atomic-instrumented.h:513 ./include/asm-generic/qspinlock.h:82 ./include/linux/spinlock.h:185 ./include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)
[ 51.227680] ath11k_pci_ce_tasklet (drivers/net/wireless/ath/ath11k/pci.c:633) ath11k_pci
[ 51.233095] tasklet_action_common.constprop.0 (./arch/x86/include/asm/bitops.h:75 ./include/asm-generic/bitops/instrumented-atomic.h:42 kernel/softirq.c:879 kernel/softirq.c:787)
[ 51.238425] __do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:212 ./include/trace/events/irq.h:142 kernel/softirq.c:559)
[ 51.242023] __irq_exit_rcu (kernel/softirq.c:432 kernel/softirq.c:636)
[ 51.245780] common_interrupt (arch/x86/kernel/irq.c:240 (discriminator 14))
[ 51.249638] </IRQ>
[ 51.251743] <TASK>
[ 51.253850] asm_common_interrupt (./arch/x86/include/asm/idtentry.h:629)
[ 51.258044] RIP: 0010:cpuidle_enter_state (drivers/cpuidle/cpuidle.c:259)
[ 51.263026] Code: 31 ff e8 d9 c6 9e ff 45 84 ff 74 17 9c 58 0f 1f 44 00 00 f6 c4 02 0f 85 78 02 00 00 31 ff e8 bd 97 a5 ff fb 66 0f 1f 44 00 00 <45> 85 f6 0f 88 11 01 00 00 49 63 c6 4c 2b 2c 24 48 8d 14 40 48 8d
All code
========
0: 31 ff xor %edi,%edi
2: e8 d9 c6 9e ff callq 0xffffffffff9ec6e0
7: 45 84 ff test %r15b,%r15b
a: 74 17 je 0x23
c: 9c pushfq
d: 58 pop %rax
e: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
13: f6 c4 02 test $0x2,%ah
16: 0f 85 78 02 00 00 jne 0x294
1c: 31 ff xor %edi,%edi
1e: e8 bd 97 a5 ff callq 0xffffffffffa597e0
23: fb sti
24: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)
2a:* 45 85 f6 test %r14d,%r14d <-- trapping instruction
2d: 0f 88 11 01 00 00 js 0x144
33: 49 63 c6 movslq %r14d,%rax
36: 4c 2b 2c 24 sub (%rsp),%r13
3a: 48 8d 14 40 lea (%rax,%rax,2),%rdx
3e: 48 rex.W
3f: 8d .byte 0x8d
Code starting with the faulting instruction
===========================================
0: 45 85 f6 test %r14d,%r14d
3: 0f 88 11 01 00 00 js 0x11a
9: 49 63 c6 movslq %r14d,%rax
c: 4c 2b 2c 24 sub (%rsp),%r13
10: 48 8d 14 40 lea (%rax,%rax,2),%rdx
14: 48 rex.W
15: 8d .byte 0x8d
[ 51.281781] RSP: 0018:ffffffffb4e03e60 EFLAGS: 00000246
[ 51.287017] RAX: ffff9a9d1ac00000 RBX: 0000000000000002 RCX: 000000000000001f
[ 51.294157] RDX: 0000000000000000 RSI: ffffffffb494bd50 RDI: ffffffffb4927def
[ 51.301290] RBP: ffff9a9d0151b000 R08: 0000000be57e1147 R09: 0000000000000018
[ 51.308424] R10: 0000000000000ed3 R11: 0000000000002406 R12: ffffffffb4fd05c0
[ 51.315565] R13: 0000000be57e1147 R14: 0000000000000002 R15: 0000000000000000
[ 51.322716] cpuidle_enter (drivers/cpuidle/cpuidle.c:353)
[ 51.326305] do_idle (kernel/sched/idle.c:158 kernel/sched/idle.c:239 kernel/sched/idle.c:306)
[ 51.329547] cpu_startup_entry (kernel/sched/idle.c:402 (discriminator 1))
[ 51.333479] start_kernel (init/main.c:1137)
[ 51.337156] secondary_startup_64_no_verify (arch/x86/kernel/head_64.S:283)
[ 51.342228] </TASK>
[ 51.344424] Modules linked in: qrtr_mhi qrtr ath11k_pci mhi ath11k qmi_helpers mac80211 btusb btrtl btbcm btintel bluetooth libarc4 kvm_amd ccp cfg80211 jitterentropy_rng rng_core sha512_ssse3 evdev sha512_generic kvm snd_pcm snd_timer ctr leds_apu drbg snd ansi_cprng sg irqbypass ecdh_generic rfkill soundcore ecc pcspkr k10temp sp5100_tco watchdog button acpi_cpufreq drm fuse configfs ip_tables x_tables autofs4 ext4 crc32c_generic crc16 mbcache jbd2 sd_mod t10_pi crc_t10dif crct10dif_generic crct10dif_common uas usb_storage ohci_pci ahci libahci libata ehci_pci ohci_hcd ehci_hcd r8169 realtek mdio_devres usbcore scsi_mod i2c_piix4 usb_common scsi_common libphy
[ 51.403181] ---[ end trace 5511b9c3dbb0841e ]---
[ 51.407861] RIP: 0010:skb_release_data (./include/linux/skbuff.h:1549 net/core/skbuff.c:669)
[ 51.412592] Code: 4d 85 ed 74 4b 41 8b 85 bc 00 00 00 49 03 85 c0 00 00 00 0f b6 10 f6 c2 01 74 35 48 8b 70 28 48 85 f6 74 2c 40 f6 c6 01 75 21 <48> 8b 06 ba 01 00 00 00 4c 89 ef 0f ae e8 ff d0 41 8b 85 bc 00 00
All code
========
0: 4d 85 ed test %r13,%r13
3: 74 4b je 0x50
5: 41 8b 85 bc 00 00 00 mov 0xbc(%r13),%eax
c: 49 03 85 c0 00 00 00 add 0xc0(%r13),%rax
13: 0f b6 10 movzbl (%rax),%edx
16: f6 c2 01 test $0x1,%dl
19: 74 35 je 0x50
1b: 48 8b 70 28 mov 0x28(%rax),%rsi
1f: 48 85 f6 test %rsi,%rsi
22: 74 2c je 0x50
24: 40 f6 c6 01 test $0x1,%sil
28: 75 21 jne 0x4b
2a:* 48 8b 06 mov (%rsi),%rax <-- trapping instruction
2d: ba 01 00 00 00 mov $0x1,%edx
32: 4c 89 ef mov %r13,%rdi
35: 0f ae e8 lfence
38: ff d0 callq *%rax
3a: 41 rex.B
3b: 8b .byte 0x8b
3c: 85 .byte 0x85
3d: bc .byte 0xbc
...
Code starting with the faulting instruction
===========================================
0: 48 8b 06 mov (%rsi),%rax
3: ba 01 00 00 00 mov $0x1,%edx
8: 4c 89 ef mov %r13,%rdi
b: 0f ae e8 lfence
e: ff d0 callq *%rax
10: 41 rex.B
11: 8b .byte 0x8b
12: 85 .byte 0x85
13: bc .byte 0xbc
...
[ 51.431366] RSP: 0018:ffffbec4c0003e30 EFLAGS: 00010246
[ 51.436623] RAX: ffff9a9d11a6c2c0 RBX: ffff9a9d08341a68 RCX: 0000000000000000
[ 51.443782] RDX: 0000000000000003 RSI: 00408210000b231a RDI: ffff9a9d01162900
[ 51.450939] RBP: ffff9a9d01162900 R08: 0000000000000212 R09: ffffffffb4ed24e8
[ 51.458099] R10: 0000000000000000 R11: 00000000dca23000 R12: ffff9a9d11a6c2c0
[ 51.465256] R13: ffff9a9d01162900 R14: ffff9a9d083435d8 R15: 0000000000000005
[ 51.472416] FS: 0000000000000000(0000) GS:ffff9a9d1ac00000(0000) knlGS:0000000000000000
[ 51.480528] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 51.486299] CR2: 000055b14ef3a778 CR3: 0000000108c6e000 CR4: 00000000000006f0
[ 51.493459] Kernel panic - not syncing: Fatal exception in interrupt
[ 51.499831] Kernel Offset: 0x32800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 51.510610] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
-------------- next part --------------
[ 51.095079] general protection fault, probably for non-canonical address 0x408210000b231a: 0000 [#1] PREEMPT SMP NOPTI
[ 51.105795] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.16.0-rc1+ #1
[ 51.112157] Hardware name: PC Engines APU/APU, BIOS 4.0 09/08/2014
[ 51.118339] RIP: 0010:skb_release_data+0x81/0x170
[ 51.123061] Code: 4d 85 ed 74 4b 41 8b 85 bc 00 00 00 49 03 85 c0 00 00 00 0f b6 10 f6 c2 01 74 35 48 8b 70 28 48 85 f6 74 2c 40 f6 c6 01 75 21 <48> 8b 06 ba 01 00 00 00 4c 89 ef 0f ae e8 ff d0 41 8b 85 bc 00 00
[ 51.141815] RSP: 0018:ffffbec4c0003e30 EFLAGS: 00010246
[ 51.147049] RAX: ffff9a9d11a6c2c0 RBX: ffff9a9d08341a68 RCX: 0000000000000000
[ 51.154189] RDX: 0000000000000003 RSI: 00408210000b231a RDI: ffff9a9d01162900
[ 51.161323] RBP: ffff9a9d01162900 R08: 0000000000000212 R09: ffffffffb4ed24e8
[ 51.168465] R10: 0000000000000000 R11: 00000000dca23000 R12: ffff9a9d11a6c2c0
[ 51.175605] R13: ffff9a9d01162900 R14: ffff9a9d083435d8 R15: 0000000000000005
[ 51.182740] FS: 0000000000000000(0000) GS:ffff9a9d1ac00000(0000) knlGS:0000000000000000
[ 51.190832] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 51.196578] CR2: 000055b14ef3a778 CR3: 0000000108c6e000 CR4: 00000000000006f0
[ 51.203713] Call Trace:
[ 51.206170] <IRQ>
[ 51.208196] consume_skb+0x39/0xb0
[ 51.211620] ath11k_ce_tx_process_cb+0x157/0x220 [ath11k]
[ 51.217177] ath11k_ce_per_engine_service+0x3c0/0x3d0 [ath11k]
[ 51.223130] ? _raw_spin_lock_irqsave+0x26/0x50
[ 51.227680] ath11k_pci_ce_tasklet+0x1c/0x40 [ath11k_pci]
[ 51.233095] tasklet_action_common.constprop.0+0xaf/0xe0
[ 51.238425] __do_softirq+0xec/0x2e9
[ 51.242023] __irq_exit_rcu+0xbc/0x110
[ 51.245780] common_interrupt+0xb8/0xd0
[ 51.249638] </IRQ>
[ 51.251743] <TASK>
[ 51.253850] asm_common_interrupt+0x1e/0x40
[ 51.258044] RIP: 0010:cpuidle_enter_state+0xda/0x370
[ 51.263026] Code: 31 ff e8 d9 c6 9e ff 45 84 ff 74 17 9c 58 0f 1f 44 00 00 f6 c4 02 0f 85 78 02 00 00 31 ff e8 bd 97 a5 ff fb 66 0f 1f 44 00 00 <45> 85 f6 0f 88 11 01 00 00 49 63 c6 4c 2b 2c 24 48 8d 14 40 48 8d
[ 51.281781] RSP: 0018:ffffffffb4e03e60 EFLAGS: 00000246
[ 51.287017] RAX: ffff9a9d1ac00000 RBX: 0000000000000002 RCX: 000000000000001f
[ 51.294157] RDX: 0000000000000000 RSI: ffffffffb494bd50 RDI: ffffffffb4927def
[ 51.301290] RBP: ffff9a9d0151b000 R08: 0000000be57e1147 R09: 0000000000000018
[ 51.308424] R10: 0000000000000ed3 R11: 0000000000002406 R12: ffffffffb4fd05c0
[ 51.315565] R13: 0000000be57e1147 R14: 0000000000000002 R15: 0000000000000000
[ 51.322716] cpuidle_enter+0x29/0x40
[ 51.326305] do_idle+0x200/0x2b0
[ 51.329547] cpu_startup_entry+0x19/0x20
[ 51.333479] start_kernel+0x6b7/0x6dc
[ 51.337156] secondary_startup_64_no_verify+0xb0/0xbb
[ 51.342228] </TASK>
[ 51.344424] Modules linked in: qrtr_mhi qrtr ath11k_pci mhi ath11k qmi_helpers mac80211 btusb btrtl btbcm btintel bluetooth libarc4 kvm_amd ccp cfg80211 jitterentropy_rng rng_core sha512_ssse3 evdev sha512_generic kvm snd_pcm snd_timer ctr leds_apu drbg snd ansi_cprng sg irqbypass ecdh_generic rfkill soundcore ecc pcspkr k10temp sp5100_tco watchdog button acpi_cpufreq drm fuse configfs ip_tables x_tables autofs4 ext4 crc32c_generic crc16 mbcache jbd2 sd_mod t10_pi crc_t10dif crct10dif_generic crct10dif_common uas usb_storage ohci_pci ahci libahci libata ehci_pci ohci_hcd ehci_hcd r8169 realtek mdio_devres usbcore scsi_mod i2c_piix4 usb_common scsi_common libphy
[ 51.403181] ---[ end trace 5511b9c3dbb0841e ]---
[ 51.407861] RIP: 0010:skb_release_data+0x81/0x170
[ 51.412592] Code: 4d 85 ed 74 4b 41 8b 85 bc 00 00 00 49 03 85 c0 00 00 00 0f b6 10 f6 c2 01 74 35 48 8b 70 28 48 85 f6 74 2c 40 f6 c6 01 75 21 <48> 8b 06 ba 01 00 00 00 4c 89 ef 0f ae e8 ff d0 41 8b 85 bc 00 00
[ 51.431366] RSP: 0018:ffffbec4c0003e30 EFLAGS: 00010246
[ 51.436623] RAX: ffff9a9d11a6c2c0 RBX: ffff9a9d08341a68 RCX: 0000000000000000
[ 51.443782] RDX: 0000000000000003 RSI: 00408210000b231a RDI: ffff9a9d01162900
[ 51.450939] RBP: ffff9a9d01162900 R08: 0000000000000212 R09: ffffffffb4ed24e8
[ 51.458099] R10: 0000000000000000 R11: 00000000dca23000 R12: ffff9a9d11a6c2c0
[ 51.465256] R13: ffff9a9d01162900 R14: ffff9a9d083435d8 R15: 0000000000000005
[ 51.472416] FS: 0000000000000000(0000) GS:ffff9a9d1ac00000(0000) knlGS:0000000000000000
[ 51.480528] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 51.486299] CR2: 000055b14ef3a778 CR3: 0000000108c6e000 CR4: 00000000000006f0
[ 51.493459] Kernel panic - not syncing: Fatal exception in interrupt
[ 51.499831] Kernel Offset: 0x32800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 51.510610] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
-------------- next part --------------
A non-text attachment was scrubbed...
Name: .config.xz
Type: application/x-xz
Size: 51012 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/ath11k/attachments/20211203/44752e62/attachment-0001.xz>
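
An added triage example, not part of the original message or of ath11k: it takes lines copied from the decoded oops above, resolves the memory operand of the trapping instruction against the register dump, and checks the result against the x86-64 canonical-address rule and the address the kernel reported. The function names and the 48-bit virtual address width are assumptions of this example.

```python
import re

# Lines copied from the decoded oops in this message (timestamps dropped).
OOPS = """\
general protection fault, probably for non-canonical address 0x408210000b231a: 0000 [#1] PREEMPT SMP NOPTI
2a:* 48 8b 06 mov (%rsi),%rax <-- trapping instruction
RAX: ffff9a9d11a6c2c0 RBX: ffff9a9d08341a68 RCX: 0000000000000000
RDX: 0000000000000003 RSI: 00408210000b231a RDI: ffff9a9d01162900
"""

REG = re.compile(r"\b(R[A-Z0-9]{1,2}):\s+([0-9a-f]{16})\b")
TRAP = re.compile(r"\*\s+(?:[0-9a-f]{2}\s+)+(\S+)\s+(.*?)\s*<-- trapping instruction")
MEM = re.compile(r"(-?0x[0-9a-f]+)?\(%(\w+)\)")  # AT&T disp(%base), no index
REPORTED = re.compile(r"non-canonical address (0x[0-9a-f]+)")


def is_canonical(addr, va_bits=48):
    """x86-64 canonical form: bits 63..va_bits-1 are all 0 or all 1.
    va_bits=48 (4-level paging) is an assumption of this example."""
    top = addr >> (va_bits - 1)
    return top == 0 or top == (1 << (65 - va_bits)) - 1


def triage(oops):
    """Resolve the trapping instruction's base+displacement operand against
    the register dump. Returns None when it cannot be resolved (no trap
    marker, an indexed operand, or a register missing from the dump)."""
    regs = {name: int(val, 16) for name, val in REG.findall(oops)}
    trap = TRAP.search(oops)
    mem = MEM.search(trap.group(2)) if trap else None
    if not mem or mem.group(2).upper() not in regs:
        return None
    base = mem.group(2).upper()
    disp = int(mem.group(1) or "0", 16)
    addr = (regs[base] + disp) & (2**64 - 1)
    rep = REPORTED.search(oops)
    return {
        "insn": f"{trap.group(1)} {trap.group(2)}",
        "base": base,
        "addr": addr,
        "canonical": is_canonical(addr),
        "matches_report": bool(rep) and int(rep.group(1), 16) == addr,
    }


if __name__ == "__main__":
    print(triage(OOPS))
```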